1 files changed, 32 insertions, 0 deletions
diff --git a/recipes-security/refpolicy/refpolicy/0072-policy-modules-kernel-kernel-make-kernel_t-MLS-trust.patch b/recipes-security/refpolicy/refpolicy/0072-policy-modules-kernel-kernel-make-kernel_t-MLS-trust.patch
new file mode 100644
index 0000000..f32bb74
--- /dev/null
+++ b/recipes-security/refpolicy/refpolicy/0072-policy-modules-kernel-kernel-make-kernel_t-MLS-trust.patch
@@ -0,0 +1,32 @@
+From 8d1a8ffca75ada3dc576a4013644c9e9cdb45947 Mon Sep 17 00:00:00 2001
+From: Yi Zhao <yi.zhao@windriver.com>
+Date: Thu, 31 Oct 2019 17:35:59 +0800
+Subject: [PATCH] policy/modules/kernel/kernel: make kernel_t MLS trusted for
+ writing to keys at all levels.
+Fixes:
+systemd-udevd[216]: regulatory.0: Process '/usr/sbin/crda' failed with exit code 254.
+Upstream-Status: Inappropriate [embedded specific]
+Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
+---
+ policy/modules/kernel/kernel.te | 2 ++
+ 1 file changed, 2 insertions(+)
+diff --git a/policy/modules/kernel/kernel.te b/policy/modules/kernel/kernel.te
+index 4dffaef76..34444a2f9 100644
+--- a/policy/modules/kernel/kernel.te
+++ b/policy/modules/kernel/kernel.te
+@@ -362,6 +362,8 @@ mls_fd_use_all_levels(kernel_t)
+ # https://bugzilla.redhat.com/show_bug.cgi?id=667370
+ mls_file_downgrade(kernel_t)
+ 
+mls_key_write_all_levels(kernel_t)
+
+ ifdef(`distro_redhat',`
+        # Bugzilla 222337
+        fs_rw_tmpfs_chr_files(kernel_t)
+-- 
+2.17.1

diff --git a/recipes-security/refpolicy/refpolicy/0072-policy-modules-kernel-kernel-make-kernel_t-MLS-trust.patch b/recipes-security/refpolicy/refpolicy/0072-policy-modules-kernel-kernel-make-kernel_t-MLS-trust.patch new file mode 100644 index 0000000..f32bb74 --- /dev/null +++ b/recipes-security/refpolicy/refpolicy/0072-policy-modules-kernel-kernel-make-kernel_t-MLS-trust.patch
@@ -0,0 +1,32 @@
	1	From 8d1a8ffca75ada3dc576a4013644c9e9cdb45947 Mon Sep 17 00:00:00 2001
	2	From: Yi Zhao <yi.zhao@windriver.com>
	3	Date: Thu, 31 Oct 2019 17:35:59 +0800
	4	Subject: [PATCH] policy/modules/kernel/kernel: make kernel_t MLS trusted for
	5	writing to keys at all levels.
	6
	7	Fixes:
	8	systemd-udevd[216]: regulatory.0: Process '/usr/sbin/crda' failed with exit code 254.
	9
	10	Upstream-Status: Inappropriate [embedded specific]
	11
	12	Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
	13	---
	14	policy/modules/kernel/kernel.te \| 2 ++
	15	1 file changed, 2 insertions(+)
	16
	17	diff --git a/policy/modules/kernel/kernel.te b/policy/modules/kernel/kernel.te
	18	index 4dffaef76..34444a2f9 100644
	19	--- a/policy/modules/kernel/kernel.te
	20	+++ b/policy/modules/kernel/kernel.te
	21	@@ -362,6 +362,8 @@ mls_fd_use_all_levels(kernel_t)
	22	# https://bugzilla.redhat.com/show_bug.cgi?id=667370
	23	mls_file_downgrade(kernel_t)
	24
	25	+mls_key_write_all_levels(kernel_t)
	26	+
	27	ifdef(`distro_redhat',`
	28	# Bugzilla 222337
	29	fs_rw_tmpfs_chr_files(kernel_t)
	30	--
	31	2.17.1
	32